Sombra ARG

The Sombra ARG was an alternate reality game (ARG) revolved around the character Sombra that took place outside of Overwatch itself. The game had been devised by Blizzard Entertainment as a way to build hype about the character.

The first ARG element was hidden in the origins video for Ana.[1] When paused at two separate spots in the video (1:16 and 2:11), two different strings of hexadecimal numbers can be found. When decoded, the extra letters that did not fit in the message revealed Sombra's name.

Ana was revealed in a developer update. At the end of the video, some static was shown accompanied by a beep right after the screen went its customary black. Within this static was a hidden QR code. Here is the result, once processed:

With detectives thrown off the right track (the Dorado sky "map" was just a glitch) while attempting to decipher the cardinal directions and letters, Blizzard provided the next clue in the form of a "data moshed" image of Dorado; essentially data moshing is a fancy way of saying a code is hidden in a picture.

Proceeding to the achievements page of the official site, players noticed a new achievement named "?" with an inverted question mark for the icon, and "..." for the description. Upon inspecting the source code for the site, they received the message "Vientos, nada mal. No obstante, me aburro. Intentemos algo nuevo en la misma dirección." which translates to "Damn, not bad. But I'm getting bored. Let's try something new in the same direction.", plus another encrypted cypher. The key to the cypher rested in placing the aforementioned characters in order of the cardinal directions, i.e. "tracertorbjornwinstonsymmetradvamercybastiongenjimccree". That led to a url that contained a moshed image of Volskaya Industries[8] which, when decoded, revealed an ASCII skull:

Someone created a mysterious forum post with the simple phrase in Spanish: la que tiene la información; tiene el poder, i.e. "she who has the information, has the power".[9]

After a few seconds, or whenever users moved their mouse, the entire page glitched out and a string of code began streaming. Once decoded, another ASCII skull was revealed, but this was a little different than the previous. Using a Caesar-23 cipher (Sombra is, probably not by coincidence, the 23rd character to potentially be introduced), another phrase was offered:

I promised you a game... I believe you Game Detectives would call it a Trail Head (?BLZGDA) use both skulls.

After appending the "USA-AMBAS-CALAVERAS.HTML" to the end of Blizzard's known asset mirror site, the Game Detectives uncovered a video.

Hidden in the video is another clue that is hidden in the file description when downloaded, and a faint image of the Sombra skull will appear about 9 seconds into the video and glitch some of the text.

"They seem to be very interested in these "heroes". Maybe interested to know some details that I found out about them?"

Additionally, the heartbeat of Janina Kowalska - presumed to be a pseudonym of Ana - was actually discovered to be Morse code. Once uncovered, it led those interested to a familiar Overwatch-related site: http://amomentincrime.com/ Except the site had been altered to the following:

After more investigating, it seems the % shown at the amomentincrime site is slowly and steadily increasing, no doubt a "reverse countdown" to some reveal or event.[10] The source code for the site also contains another message: "Bien hecho, ya tienen mi clave. Hackear este programa de televisión no tuvo chiste. Espérense a lo que sigue.", i.e. "Well done, you now have my key. Hacking that TV show was no fun. Wait for what’s next."

At the rate the percentage is increasing, Game Detectives figure the count"up" will end around October 16th[11].

Protocol Sombra message found in Volskaya Industries. Located in a room with the hologram of a flying ship near the first objective.

A new PTR is released. The flashing message on the monitors in Dorado is changed to "ACCESO NO AUTORIZADO: Protocolo Sombra V2.3".The same flashing message is also on a monitor in Volskaya Industries. The patch finally went live on October 11.

A new patch was added into the game. When playing on Dorado as Bastion, it started to beep ominously when looking at the flashing monitors. Translating these beeps in Morse code led to a new URL titled lumerico.mx.

Calling the phone number listed on the site led to another code which, when finally translated, read TAKECONTROL.

Appending /takecontrol to the end of the site led to a page full of code.

I'm congratulating you for getting in here. I only wanted to know if you were ready or not. (Hey, it's really difficult to get good help lately... you should see some of the clowns I'm working with). For now, let's continue with the true challenge: taking down Lumerico Corp president Guillermo Portero. Why? Because he's a greedy and corrupt man, and an abominable thief. His plan of bringing in line the most powerful and biggest ziggurat the 1st of november is nothing more than a deceit, an elaborate plan by his gang to become even more influential in the people of Mexico and get more money. And who's gonna pay for that? Common people, the ones that are always forgotten.

I've started upgrading my protocols so that they are used to take down the Lumerico Corp infraestructure and Los Muertos are also trying to go against the corruption. Meanwhile, search the Lumerico Corp site for info we can use against the bastard, or better, get his username and password so that hundreds "not so favorable" facts about the president start popping up.

I was able to get the username and pass of a Lumerico Corp employee, start here:

GFlores/g#fNwP5qJ

Accessing the login portion of the site with the above credentials led to a slew of emails (Game Detectives listing here).

(Translated) I see you have been able to infiltrate in your mail. Do not worry, he can not see this email, I've hidden from view if you connect from one of the known IP addresses. I need a little more time to set the next group of protocols. Stay tuned early next week. I'll take a few dirty rags in their emails to be filtered to the public "accidentally". We'll see how they react to the media.

Tzolk'in was realized to be the name of a Mayan calendar, and when the long string of seemingly random names were substituted as days in the calendar. Those digits were then turned into pictograms - a string of Morse code - and decoded to EXECUTEATTACK. Plugged into LumériCo's site revealed another message:

The moment has come. These emails exposed the truth about Portero, initiated the revolt, and have convinced people of Mexico to support our cause. Now is the time to strike. Convert his precious inauguration on November 1 to a large movement against it. I need you to do one thing:

Get access to the email security chief and seek some form of help in the attack. You may see her contacting Portero soon. I've changed her password: d0r*NuLw9

This gave access to an admin panel on the company's site that remained nonfunctional until November 1st.

On November 1st, the terminal became functional, and users could type help to access a list of commands, one of which is override. The answers to the three security questions are taken from an Overwatch movie, Some Like it Bot, and two references in the emails of MJimenez. Answering correctly revealed the following new commands:

ls Lists files by path

cat Read file by path

exec Execute a file

Combining these commands with some of the hidden file names and paths revealed that the unsolved "Tracer key" was meant to be used; once input, detectives were sent to a page similar to the amomentincrime site, where they were added to a counter.

When the counter met or surpassed 100, Sombra then appeared to hack LumériCo's site. A message was left in the source code:

Good job, folks. I would not have done it without your help. Anyway, I got the resources needed for my next hit - you'll love it.

Expect to hear from me in the coming days...

I'm going to send something to thank you ... Hopefully you can use it.

Dasvidanya friends

A MISDIRECTION was also in the source code. When plugging it into the company's url, it led to a message insinuating Volskaya Industries was the target of Sombra's next attack. Heading to that company's site reveals a broken main page.

Sombra is released in the Public Test Region on November 7th and finally goes live on November 15th.[15] The LumériCo website has also disappeared, and is now replaced with broken playoverwatch.com links instead.